Taking advantage of the lure of AI, cybercriminals are flooding Facebook with ads and pages for fake ChatGPT, Google Bard and other chatbots, as a way to lure their victims into downloading malware.


The growing public interest in solutions based on generative AI has not escaped the attention of cybercriminals, who are determined to take advantage of it. Application stores such as the Play Store and the App Store were quickly invaded by virulent imitations of ChatGPT and Bard of all kinds, with paid subscriptions, personal data collection and numerous advertisements. But hackers also strike via social networks, and Facebook in particular. Researchers from Check Point Research (CPR) uncovered an extensive scam campaign that tricks users into downloading malware by creating fake pages and advertisements for popular AI brands such as ChatGPT, Google Bard, Midjourney and Jasper. The malware then steals passwords (banking, social media, games, etc.), cryptocurrency wallets (including Zcash, Bitcoin and Ethereum) and all information stored in the victims' browsers. And these are not small pages with a few hundred subscribers, but pages with millions! You can imagine the extent of the damage…

Fake ChatGPT and Bard: pages to download malware

According to Sergey Shykevich, Head of Threat Research at Check Point, cybercriminals are getting smarter. They know everyone is interested in generative AI and use Facebook pages and ads to impersonate ChatGPT, Google Bard, Midjourney and Jasper. To succeed in their scam, the criminals create fake Facebook pages or fake groups using the name of a popular AI, with attractive content. We thus find pages such as “Bard for Business V3”, “Smartgpt4.com”, “Bard AI for Business” or even “Mid-Journey AI”. These are sponsored and therefore promoted by Facebook itself. Users are tricked into liking or commenting on posts and, each time they do so, they unwittingly help spread the fake pages across their own social networks. Not only will the content they interacted with appear in their friends’ news feeds, but it will also be pushed by the social network’s algorithm.

© Check Point Research

The problem is that infected pages promote a new service or special content via a link. They offer advice, news and improved versions of artificial intelligence services. Thus, they praise the merits of version 2 of Bard, which is supposed to be able to compose music, edit videos, generate images… There are also links to a new and incredible free version of Midjourney, even though the image-generating AI is a paid service. However, when users click on the link, they are sent to a web page where they unwittingly download malicious software. The pages and groups alternate between legitimate links and malicious ones.


Fake ChatGPT and Bard: credible and attractive content

Inevitably, told in this way, we spot many signals that alert us to danger and urge us not to click on anything. The problem is that these pages are quite credible, because they are followed by many people. “When an unsuspecting user searches ‘Midjourney AI’ on Facebook and finds a page with 1.2 million followers, they are likely to believe it is a genuine page”, explain the researchers. Users’ distrust is also lulled by the many comments and reactions (sometimes tens of thousands!) under the posts. It’s a bit like looking at the number of downloads and reviews for an app on the Play Store or App Store to find out if it’s safe to download.


It is therefore advisable to adopt a few reflexes so as not to be fooled. First, always check domain names. The ones that phishers use usually have minor spelling mistakes but are still plausible. More generally, watch for any spelling or grammatical errors. It is essential to download software or extensions only from reliable sources: Facebook groups and pages are not reliable sources for downloading anything, and neither are forums, messaging apps, etc. It is better to go directly through the official webpage or trusted media. Finally, check links by copying and pasting them, without opening them, into phishing verification tools such as phishtank.com. You can never be too careful!
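The domain-name check recommended above can be partly automated before a link is ever opened. The following Python code is an added example, not taken from the article or from Check Point Research; the allowlist of official domains and the brand keywords are assumptions, and a "lookalike" verdict means "review before clicking", not proof of malice.

```python
from urllib.parse import urlsplit

# Assumed allowlist of official domains for the brands named in the article.
OFFICIAL = {"openai.com", "chatgpt.com", "google.com", "midjourney.com", "jasper.ai"}
# Assumed brand keywords that should only appear on official domains.
BRANDS = ("gpt", "bard", "midjourney", "jasper")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unknown' for a link, without fetching it."""
    # Accept bare hostnames as well as full URLs.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "unknown"
    # Exact match or a subdomain of an official domain.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Simplification: treat the last two labels as the registered domain.
    registered = ".".join(host.split(".")[-2:])
    # Minor spelling mistake: one or two edits away from an official domain.
    if any(edit_distance(registered, d) <= 2 for d in OFFICIAL):
        return "lookalike"
    # Brand name embedded in an unrelated domain, hyphens ignored.
    squashed = host.replace("-", "")
    if any(brand in squashed for brand in BRANDS):
        return "lookalike"
    return "unknown"
```

Substring matching on short keywords such as "bard" will also flag unrelated legitimate domains, so the result is a prompt for a manual check rather than a block decision.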
